Exploiting design flaws in the Win32 API for privilege escalation – Shatter Attacks – How to break Windows

Introduction: This paper presents a new generation of attacks against Microsoft Windows, and possibly other message-based windowing systems. The flaws presented in this paper …

Infranet: Circumventing Web Censorship and Surveillance

An increasing number of countries and companies routinely block or monitor access to parts of the Internet. To counteract these measures, we propose Infranet, a system that …

A General and Flexible Access-Control System for the Web

We describe the design, implementation, and performance of a new system for access control on the web. To achieve greater flexibility in forming access-control policies – …

Proprietary Certificates

Certificates play an essential role in public-key cryptography, and are likely to become a cornerstone of commerce-related applications. Traditional certificates, however, are …

OpenSSL Security Vulnerabilities Roundup

An OpenSSL Security Advisory issued on 30 July 2002 points to several security issues within OpenSSL. There are four remotely exploitable buffer overflows in OpenSSL. There …

Hacking the Invisible Network: Insecurities in 802.11x

Wireless local-area networks (WLANs) are becoming increasingly popular but, at the same time, they have introduced new security issues. The convenience of WLANs introduces …

Proxy-Based Security Protocols in Networked Mobile Devices

We describe a resource discovery and communication system designed for security and privacy. All objects in the system, e.g., appliances, wearable gadgets, software agents, …

Security in Plan 9

The security architecture of the Plan 9 operating system has recently been redesigned to address some technical shortcomings. This redesign provided an opportunity also to …

Five Microsoft Security Bulletins Released

Microsoft was pretty active in the past few days – they released five security bulletins dealing with the following products: SQL Server 2000, Windows Media Player, …

Trusted Paths for Browsers: An Open-Source Solution to Web Spoofing

This paper reports the results of our work to systematically defend against Web spoofing, by creating a trusted path from the browser to the user. Starting with the Mozilla …

Secure Execution Via Program Shepherding

We introduce program shepherding, a method for monitoring control flow transfers during program execution to enforce a security policy. Program shepherding provides three …

Setuid Demystified

Access control in Unix systems is mainly based on user IDs, yet the system calls that modify user IDs (uid-setting system calls), such as setuid, are poorly designed, …
